aio-libs
diff --git a/‎.gitignore
Lines changed: 2 additions & 1 deletion b/‎.gitignore
Lines changed: 2 additions & 1 deletion
diff --git a/‎CHANGES.txt
Lines changed: 14 additions & 1 deletion b/‎CHANGES.txt
Lines changed: 14 additions & 1 deletion
diff --git a/‎aiohttp_security/__init__.py
Lines changed: 6 additions & 4 deletions b/‎aiohttp_security/__init__.py
Lines changed: 6 additions & 4 deletions
diff --git a/‎aiohttp_security/api.py
Lines changed: 35 additions & 16 deletions b/‎aiohttp_security/api.py
Lines changed: 35 additions & 16 deletions
diff --git a/‎aiohttp_security/jwt_identity.py
Lines changed: 1 addition & 1 deletion b/‎aiohttp_security/jwt_identity.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎demo/database_auth/handlers.py
Lines changed: 6 additions & 6 deletions b/‎demo/database_auth/handlers.py
Lines changed: 6 additions & 6 deletions
diff --git a/‎demo/database_auth/main.py
Lines changed: 1 addition & 1 deletion b/‎demo/database_auth/main.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎demo/dictionary_auth/handlers.py
Lines changed: 4 additions & 6 deletions b/‎demo/dictionary_auth/handlers.py
Lines changed: 4 additions & 6 deletions
diff --git a/‎demo/simple_example_auth.py
Lines changed: 3 additions & 3 deletions b/‎demo/simple_example_auth.py
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/example.rst
Lines changed: 9 additions & 8 deletions b/‎docs/example.rst
Lines changed: 9 additions & 8 deletions
@@ -55,4 +55,5 @@ docs/_build/
 # PyBuilder
 target/
 
-coverage
+coverage
+.pytest_cache
@@ -1,10 +1,23 @@
 Changes
 =======
 
+0.3.0 (2018-09-06)
+------------------
+
+- Deprecate ``login_required`` and ``has_permission`` decorators.
+  Use ``check_authorized`` and ``check_permission`` helper functions instead.
+
+- Bump supported ``aiohttp`` version to 3.0+
+
+- Enable strong warnings mode for test suite, clean-up all deprecation
+  warnings.
+
+- Polish documentation
+
 0.2.0 (2017-11-17)
 ------------------
 
-- Add `is_anonymous`, `login_required`, `has_permission` helpers (#114)
+- Add ``is_anonymous``, ``login_required``, ``has_permission`` helpers (#114)
 
 0.1.2 (2017-10-17)
 ------------------
 
@@ -1,16 +1,18 @@
 from .abc import AbstractAuthorizationPolicy, AbstractIdentityPolicy
-from .api import (authorized_userid, forget, has_permission, is_anonymous,
-                  login_required, permits, remember, setup)
+from .api import (authorized_userid, forget, has_permission,
+                  is_anonymous, login_required, permits, remember,
+                  setup, check_authorized, check_permission)
 from .cookies_identity import CookiesIdentityPolicy
 from .session_identity import SessionIdentityPolicy
 from .jwt_identity import JWTIdentityPolicy
 
-__version__ = '0.2.0'
+__version__ = '0.3.0'
 
 
 __all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy',
            'CookiesIdentityPolicy', 'SessionIdentityPolicy',
            'JWTIdentityPolicy',
            'remember', 'forget', 'authorized_userid',
            'permits', 'setup', 'is_anonymous',
-           'login_required', 'has_permission')
+           'login_required', 'has_permission',
+           'check_authorized', 'check_permission')
@@ -1,4 +1,5 @@
 import enum
+import warnings
 from aiohttp import web
 from aiohttp_security.abc import (AbstractIdentityPolicy,
                                   AbstractAuthorizationPolicy)
@@ -86,6 +87,15 @@ async def is_anonymous(request):
     return False
 
 
+async def check_authorized(request):
+    """Checker that raises HTTPUnauthorized for anonymous users.
+    """
+    userid = await authorized_userid(request)
+    if userid is None:
+        raise web.HTTPUnauthorized()
+    return userid
+
+
 def login_required(fn):
     """Decorator that restrict access only for authorized users.
 
@@ -101,21 +111,34 @@ async def wrapped(*args, **kwargs):
                    "or `def handler(self, request)`.")
             raise RuntimeError(msg)
 
-        userid = await authorized_userid(request)
-        if userid is None:
-            raise web.HTTPUnauthorized
-
-        ret = await fn(*args, **kwargs)
-        return ret
+        await check_authorized(request)
+        return await fn(*args, **kwargs)
 
+    warnings.warn("login_required decorator is deprecated, "
+                  "use check_authorized instead",
+                  DeprecationWarning)
     return wrapped
 
 
+async def check_permission(request, permission, context=None):
+    """Checker that passes only to authoraised users with given permission.
+
+    If user is not authorized - raises HTTPUnauthorized,
+    if user is authorized and does not have permission -
+    raises HTTPForbidden.
+    """
+
+    await check_authorized(request)
+    allowed = await permits(request, permission, context)
+    if not allowed:
+        raise web.HTTPForbidden()
+
+
 def has_permission(
     permission,
     context=None,
 ):
-    """Decorator that restrict access only for authorized users
+    """Decorator that restricts access only for authorized users
     with correct permissions.
 
     If user is not authorized - raises HTTPUnauthorized,
@@ -132,18 +155,14 @@ async def wrapped(*args, **kwargs):
                        "or `def handler(self, request)`.")
                 raise RuntimeError(msg)
 
-            userid = await authorized_userid(request)
-            if userid is None:
-                raise web.HTTPUnauthorized
-
-            allowed = await permits(request, permission, context)
-            if not allowed:
-                raise web.HTTPForbidden
-            ret = await fn(*args, **kwargs)
-            return ret
+            await check_permission(request, permission, context)
+            return await fn(*args, **kwargs)
 
         return wrapped
 
+    warnings.warn("has_permission decorator is deprecated, "
+                  "use check_permission instead",
+                  DeprecationWarning)
     return wrapper
 
 
 
@@ -35,7 +35,7 @@ async def identify(self, request):
 
         identity = jwt.decode(token,
                               self.secret,
-                              algorithm=self.algorithm)
+                              algorithms=[self.algorithm])
         return identity
 
     async def remember(self, *args, **kwargs):  # pragma: no cover
 
@@ -4,7 +4,7 @@
 
 from aiohttp_security import (
     remember, forget, authorized_userid,
-    has_permission, login_required,
+    check_permission, check_authorized,
 )
 
 from .db_auth import check_credentials
@@ -45,25 +45,25 @@ async def login(self, request):
         db_engine = request.app.db_engine
         if await check_credentials(db_engine, login, password):
             await remember(request, response, login)
-            return response
+            raise response
 
-        return web.HTTPUnauthorized(
+        raise web.HTTPUnauthorized(
             body=b'Invalid username/password combination')
 
-    @login_required
     async def logout(self, request):
+        await check_authorized(request)
         response = web.Response(body=b'You have been logged out')
         await forget(request, response)
         return response
 
-    @has_permission('public')
     async def internal_page(self, request):
+        await check_permission(request, 'public')
         response = web.Response(
             body=b'This page is visible for all registered users')
         return response
 
-    @has_permission('protected')
     async def protected_page(self, request):
+        await check_permission(request, 'protected')
         response = web.Response(body=b'You are on protected page')
         return response
 
 
@@ -19,7 +19,7 @@ async def init(loop):
                                     password='aiohttp_security',
                                     database='aiohttp_security',
                                     host='127.0.0.1')
-    app = web.Application(loop=loop)
+    app = web.Application()
     app.db_engine = db_engine
     setup_session(app, RedisStorage(redis_pool))
     setup_security(app,
 
@@ -4,7 +4,7 @@
 
 from aiohttp_security import (
     remember, forget, authorized_userid,
-    has_permission, login_required,
+    check_permission, check_authorized,
 )
 
 from .authz import check_credentials
@@ -55,8 +55,8 @@ async def login(request):
     return web.HTTPUnauthorized(body='Invalid username / password combination')
 
 
-@login_required
 async def logout(request):
+    await check_authorized(request)
     response = web.Response(
         text='You have been logged out',
         content_type='text/html',
@@ -65,19 +65,17 @@ async def logout(request):
     return response
 
 
-@has_permission('public')
 async def internal_page(request):
-    # pylint: disable=unused-argument
+    await check_permission(request, 'public')
     response = web.Response(
         text='This page is visible for all registered users',
         content_type='text/html',
     )
     return response
 
 
-@has_permission('protected')
 async def protected_page(request):
-    # pylint: disable=unused-argument
+    await check_permission(request, 'protected')
     response = web.Response(
         text='You are on protected page',
         content_type='text/html',
 
@@ -1,6 +1,6 @@
 from aiohttp import web
 from aiohttp_session import SimpleCookieStorage, session_middleware
-from aiohttp_security import has_permission, \
+from aiohttp_security import check_permission, \
     is_anonymous, remember, forget, \
     setup as setup_security, SessionIdentityPolicy
 from aiohttp_security.abc import AbstractAuthorizationPolicy
@@ -54,13 +54,13 @@ async def handler_logout(request):
     raise redirect_response
 
 
-@has_permission('listen')
 async def handler_listen(request):
+    await check_permission(request, 'listen')
     return web.Response(body="I can listen!")
 
 
-@has_permission('speak')
 async def handler_speak(request):
+    await check_permission(request, 'speak')
     return web.Response(body="I can speak!")
 
 
 
@@ -9,7 +9,7 @@ Simple example::
 
     from aiohttp import web
     from aiohttp_session import SimpleCookieStorage, session_middleware
-    from aiohttp_security import has_permission, \
+    from aiohttp_security import check_permission, \
         is_anonymous, remember, forget, \
         setup as setup_security, SessionIdentityPolicy
     from aiohttp_security.abc import AbstractAuthorizationPolicy
@@ -63,13 +63,13 @@ Simple example::
         raise redirect_response
 
 
-    @has_permission('listen')
     async def handler_listen(request):
+        await check_permission(request, 'listen')
         return web.Response(body="I can listen!")
 
 
-    @has_permission('speak')
     async def handler_speak(request):
+        await check_permission(request, 'speak')
         return web.Response(body="I can speak!")
 
 
@@ -85,11 +85,12 @@ Simple example::
         app = web.Application(middlewares=[middleware])
 
         # add the routes
-        app.router.add_route('GET', '/', handler_root)
-        app.router.add_route('GET', '/login', handler_login_jack)
-        app.router.add_route('GET', '/logout', handler_logout)
-        app.router.add_route('GET', '/listen', handler_listen)
-        app.router.add_route('GET', '/speak', handler_speak)
+        app.add_routes([
+            web.get('/', handler_root),
+            web.get('/login', handler_login_jack),
+            web.get('/logout', handler_logout),
+            web.get('/listen', handler_listen),
+            web.get('/speak', handler_speak)])
 
         # set up policies
         policy = SessionIdentityPolicy()